Extracted

• • Target

    da3ef6613f3b3a7ae9d7b7583c8f71d4

  • Size

    40.0MB

  • MD5

    da3ef6613f3b3a7ae9d7b7583c8f71d4

  • SHA1

    524a58dd38f63ac57f801efad2f5a350b5f90e0e

  • SHA256

    7e349519630ee5375d6dd2671aa8137fd91cd03b05c453450ce66e13f84e3419

  • SHA512

    d2a77587f5467b50be2e57145677d96e9a9194bb867d3221f325342e34929193a202cc35a7e0d005673d4d08a1ce886df8279ae5604d04b05378f9ded8c3abc0

  • SSDEEP

    49152:zChvv6FzlQKxCjGj+Vd4OscisICzSHgz/1ooOEO3/8CJtQmqFkCn3sSJ5hp6A0+q:zChvydfkj2m4WIG/1Iv4PekkkdH+

  Score

  10^/10

  rhadamanthysdiscoverypersistencestealer

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Adds Run key to start application

    persistence

  • Suspicious use of NtCreateThreadExHideFromDebugger

  behavioral1behavioral2